Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible.
Also ReadCangibrina – A Fast & Powerfull Dashboard (admin) Finder
Clone the Phishing Frenzy repository using git
# git clone https://github.com/pentestgeek/phishing-frenzy.git /var/www/phishing-frenzy
$ \curl -sSL https://get.rvm.io | bash
At the end of the installation listen to any post install instructions for RVM
$ rvm install 2.1.5
# rvm all do gem install --no-rdoc --no-ri rails
# rvm all do gem install --no-rdoc --no-ri passenger
Invoke the passenger installation script
# passenger-install-apache2-module
# apt-get install apache2-threaded-dev libapr1-dev libaprutil1-dev libcurl4-openssl-dev
Invoke passenger installation script again now that dependencies are installed. Once the Passenger install has completed, ensure you pay attention to the notes and the end. You will need to add 3 lines of text to your /etc/apache2/apache.conf file.
# passenger-install-apache2-module
Install packages we need for MySQL to bundle properly
# apt-get install libmysqlclient-dev
Add Include Statement to apache2.conf and create the file /etc/apache2/pf.conf
Include pf.conf
Add content to pf.conf file
<IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:80> ServerName phishing-frenzy.com # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Uncomment out the line # NameVirtualHost *:443 inside of /etc/apache2/ports.conf to allow SSL Phishing sites to render properly
Ensure mysql is running
# service mysql start
Login and create tables and permissions for phishing frenzy development mode
# mysql -u root -p mysql> create database pf_dev; mysql> grant all privileges on pf_dev.* to 'pf_dev'@'localhost' identified by 'password';
Install Required Gems
# cd /var/www/phishing-frenzy/ # bundle install
If your web application fails to run because it states your missing a gem, you may need to run
# bundle install --deployment # rake db:migrate # rake db:seed
Install Redis
# wget http://download.redis.io/releases/redis-stable.tar.gz # tar xzf redis-stable.tar.gz # cd redis-x.x.x/ # make # make install # cd utils/ # ./install_server.sh
If you would like to bind redis to the loopback interface checkout redis documentation for more details
Create a tmp directory for sidekiq pid
# mkdir -p /var/www/phishing-frenzy/tmp/pids
Start the sidekiq server to interact with redis
# bundle exec sidekiq -C config/sidekiq.yml
Edit the sudoers file to ensure the www-data account can reload apache
www-data ALL=(ALL) NOPASSWD: /etc/init.d/apache2 reload
Load the Efax and Intel default templates for PF using the rake helper
# rake templates:load
Change ownership of phishing-frenzy directory so apache has proper access
# chown -R www-data:www-data /var/www/phishing-frenzy/
Change permissions on the upload directory
# chmod -R 755 /var/www/phishing-frenzy/public/uploads/
Change ownership of sites-enabled directory to allow Phishing Frenzy to manage virtual hosts with Apache
# chown -R www-data:www-data /etc/apache2/sites-enabled/ # chmod -R 755 /etc/apache2/sites-enabled/
Start Apache web server
# apachectl start
Phishing Frenzy is configured with a default login of:
username: admin
password: Funt1me!
If you would like to run your Phishing Frenzy web UI over HTTPS you can do that with a few additional changes.
Run a few commands to enable the SSL module in apache and create a directory to store the cert and key.
$ sudo a2enmod ssl $ sudo service apache2 restart $ sudo mkdir /etc/apache2/ssl
Create our self signed cert using openssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/pf.key -out /etc/apache2/ssl/pf.crt <IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:443> ServerName phishing-frenzy.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/pf.crt SSLCertificateKeyFile /etc/apache2/ssl/pf.key # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Update the Application Site URL within Global Settings menu to the appropriate FQDN with the HTTPS address with SSL enabled.
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…